[Cryptech Tech] LURK as interface to HSM

Leif Johansson leifj at sunet.se
Sat Mar 19 19:28:38 UTC 2016


On 2016-03-19 20:24, Leif Johansson wrote:
> On 2016-03-19 20:07, Randy Bush wrote:
>> Date: Sat, 19 Mar 2016 13:53:56 -0400
>> Subject: LURK as interface to HSM
>> From: Phillip Hallam-Baker <phill at hallambaker.com>
>> To: Randy Bush <randy at psg.com>
>>
>> Randy,
>>
>> This is my proposal for LURK
>>
>> https://tools.ietf.org/html/draft-hallambaker-lurk-00
> 
> I guess it's conceptually not too far from the p11 proxy we're using over
> here @ sunet: https://github.com/leifj/pyeleven as a way to
> isolate the circus that is pkcs11 from applications.
> 

'cept for the fact that Phil has actually worked out the details... I
just send stuff for signature down the pipe

> 	Cheers Leif
> 
>>
>> The reason I think it is relevant to your HSM work is that it is
>> essentially a standardized remote API for an HSM.
>>
>> I will be putting the code up on github 'soon'.
>>
>> Stephen Farrell's LURK vision seems to be that the TLS server is
>> talking to some service in the cloud. I suspect that is the wrong
>> model and what is really wanted here is a deployment model where I can
>> buy an HSM box of my choice, configure it to bind it to my trust nexus
>> and then ship it off to the Content Delivery Network to sit in the
>> same data center as my server.
>>
>> Which is a proposal I have wanted for a long time but wasn't feasible
>> without a suitable HSM device. This is a model that could establish
>> the demand necessary for production.
>>
>> Alternatively, I want to be using a similar model for code signing.
>> Selling an HSM to keep the code signing keys safe is essentially the
>> 'do you want fries with that' upsell for code signing certificates.
>> _______________________________________________
>> Tech mailing list
>> Tech at cryptech.is
>> https://lists.cryptech.is/listinfo/tech
>>
> 
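The deployment model discussed in this thread, an application that never holds the private key and only sends a signing request "down the pipe" to a key service, as an added example in Go. This is not code from the LURK draft, from pyeleven or from Cryptech; the SignRequest/SignResponse structs are an illustration of the idea and not the LURK wire format, the key identifier "tls-server-1" is hypothetical, RSA-PSS over a SHA-256 digest is chosen for illustration, and the in-process call to svc.Sign stands in for the network hop to the HSM or proxy so the example runs offline.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignRequest is what crosses the pipe: which key to use and a digest of the
// to-be-signed data. The private key itself never leaves the key service.
// (Illustrative structure, not the LURK wire format.)
type SignRequest struct {
	KeyID  string
	Digest []byte // SHA-256 digest, 32 bytes
}

// SignResponse carries only the signature back.
type SignResponse struct {
	Signature []byte
}

// KeyService models the key-holding side (an HSM, or a pkcs11 proxy in front
// of one). It exposes public keys and a sign operation, nothing else.
type KeyService struct {
	keys map[string]*rsa.PrivateKey
}

// NewKeyService creates a service holding one freshly generated 2048-bit RSA
// key under keyID (the identifier is a hypothetical example value).
func NewKeyService(keyID string) (*KeyService, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &KeyService{keys: map[string]*rsa.PrivateKey{keyID: priv}}, nil
}

// PublicKey returns the public half; this is the only key material the
// service ever hands out.
func (s *KeyService) PublicKey(keyID string) (*rsa.PublicKey, error) {
	priv, ok := s.keys[keyID]
	if !ok {
		return nil, fmt.Errorf("unknown key %q", keyID)
	}
	return &priv.PublicKey, nil
}

// Sign validates the request and returns an RSA-PSS signature over the
// caller-supplied digest. Rejecting anything that is not a SHA-256 digest
// keeps a compromised application from using the service as a raw RSA oracle.
func (s *KeyService) Sign(req SignRequest) (SignResponse, error) {
	priv, ok := s.keys[req.KeyID]
	if !ok {
		return SignResponse{}, fmt.Errorf("unknown key %q", req.KeyID)
	}
	if len(req.Digest) != sha256.Size {
		return SignResponse{}, errors.New("digest must be a SHA-256 hash")
	}
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, req.Digest, nil)
	if err != nil {
		return SignResponse{}, err
	}
	return SignResponse{Signature: sig}, nil
}

// RemoteSign is the application side: hash locally, send only the digest to
// the key service, get a signature back. In a real deployment svc.Sign would
// be a network call; here it is in-process so the example runs offline.
func RemoteSign(svc *KeyService, keyID string, data []byte) ([]byte, error) {
	digest := sha256.Sum256(data)
	resp, err := svc.Sign(SignRequest{KeyID: keyID, Digest: digest[:]})
	if err != nil {
		return nil, err
	}
	return resp.Signature, nil
}

// Verify is what a relying party (e.g. a TLS client) does with the public key.
func Verify(pub *rsa.PublicKey, data, sig []byte) error {
	digest := sha256.Sum256(data)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil)
}

func main() {
	svc, err := NewKeyService("tls-server-1")
	if err != nil {
		panic(err)
	}
	// Constructed sample input standing in for TLS handshake data.
	msg := []byte("constructed sample: ServerKeyExchange parameters")
	sig, err := RemoteSign(svc, "tls-server-1", msg)
	if err != nil {
		panic(err)
	}
	pub, _ := svc.PublicKey("tls-server-1")
	fmt.Println("signature verifies:", Verify(pub, msg, sig) == nil)
	fmt.Println("tampered data verifies:", Verify(pub, append(msg, '!'), sig) == nil)
}
```

The point of the split is that a compromise of the application host yields at most a signing oracle for the lifetime of the compromise, never the key; binding the service to a specific key ID and digest format is what keeps that oracle narrow.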
